Changes between Version 17 and Version 18 of ldap

Timestamp:

Nov 21, 2016, 5:25:41 AM (8 years ago)

Author:

admin

Comment:

--

ldap

@@ -5 +5 @@
 == Setting the Hostname and FQDN ==
 
-[wiki:ipallocation IP allocation table]
+Remember this VM is a clone of your pc.userX.ws.ac.lk. Therefore you have to change some settings in order to make this vm unique.
+
+=== Setting up hostname ===
+
+ -  Login to the vm. change to root user
+{{{
+$sudo su
+}}}
+ - Give your password
+ - Edit /etc/hostname 
+{{{
+#nano /etc/hostname
+}}}
+   * Change '''pc''' to '''idp'''
+   * Save and Exit
+ - also edit /etc/hosts file to change 127.0.0.1 pc."your domain".ws.ac.lk pc to 127.0.0.1 idp."your domain".ws.ac.lk  idp
+
+=== IP Set up ===
+
+Edit /etc/network/interfaces files to include your IP addresses in your pc
+
+ - Login to the vm. change to root user
+{{{
+$sudo su
+}}}
+ - Give your password
+ - Edit /etc/network/interfaces
+{{{
+#vi /etc/network/interfaces
+}}}
+ - Find the following line
+{{{
+iface eth0 inet dhcp
+}}}
+'''Note''': "eth0" is the name of your virtual interface. It could also be something like "enp0s3". If so you will use that instead of eth0
+ - Change it to
+{{{
+#iface eth0 inet dhcp
+}}}
+ - Add the following lines (Get your ldap IP Address from [wiki:ipallocation iptable])
+{{{
+iface eth0 inet static
+    address "Your ldap IP address"
+    netmask 255.255.255.0
+    network 192.248.6.0
+    broadcast 192.248.6.255
+    gateway 192.248.6.254
+    dns-nameservers 192.248.1.161
+    dns-search yourdmain 
+}}}
+
+When you completed the IP settings of of VM, restart the vm and then login to confirm correct IP settings.
 
 Before you get started, make sure you set up your server so that it correctly resolves its hostname to fully qualified domain name (FQDN). This will be necessary in order for your certificates to be validated by clients.
@@ -35 +86 @@
 
   - Omit OpenLDAP server configuration? '''No''' (we want an initial database and configuration)
-  - DNS domain name: '''yoursub-dmain.ac.lk''' (use the server's domain name, minus the hostname. This will be used to create the base entry for the information tree)
+  - DNS domain name: '''"your domain".ws.ac.lk''' (use the server's domain name, minus the hostname. This will be used to create the base entry for the information tree)
   - Organization name: '''Example Inc''' (This will simply be added to the base entry as the name of your institute)
   - Administrator password: '''[whatever you'd like]'''
@@ -102 +153 @@
 {{{
 organization = "Name of your institution"
-cn = ldap.your-subdomain.ac.lk
+cn = idp.'your domain'.ws.ac.lk
 tls_www_server
 encryption_key
@@ -278 +329 @@
 }}}
 
-Now, if you search the '''dc=inst,dc=ac,dc=lk''' DIT, you will be refused if you do not use the -Z option to initiate a STARTTLS upgrade:
+Now, if you search the '''dc='your domain'dc=ws,dc=ac,dc=lk''' DIT, you will be refused if you do not use the -Z option to initiate a STARTTLS upgrade:
 
 {{{
@@ -295 +346 @@
 TLS required success
 {{{
-dn: dc=inst,dc=ac,dc=lk
-dn: cn=admin,dc=inst,dc=ac,dc=lk
+dn: dc='your domain'dc=ws,dc=ac,dc=lk
+dn: cn=admin,dc='your domain'dc=ws,dc=ac,dc=lk
 }}}
 
@@ -307 +358 @@
 Open a new file named as initial.ldif using nano or vi editor. Then copy following ldif content and do necessary adjustments to match with you institute.
 {{{
-# group, inst.ac.lk
-dn: ou=group,dc=inst,dc=ac,dc=lk
+# group, 'your domain'.ws.ac.lk
+dn: ou=group,dc='your domain'dc=ws,dc=ac,dc=lk
 description: learn groups
 objectClass: top
 objectClass: organizationalUnit
 ou: group
-# adm staf, group, inst.ac.lk
-dn: cn=adm,ou=group,dc=inst,dc=ac,dc=lk
+# adm staf, group, 'your domain'.ws.ac.lk
+dn: cn=adm,ou=group,dc='your domain'dc=ws,dc=ac,dc=lk
 cn: adm
 description: System Admin Staff
@@ -321 +372 @@
 objectClass: top
 
-# acadamic staf, group, inst.ac.lk
-dn: cn=acd,ou=group,dc=inst,dc=ac,dc=lk
+# acadamic staf, group, 'your domain'.ws.ac.lk
+dn: cn=acd,ou=group,dc='your domain'dc=ws,dc=ac,dc=lk
 cn: acd
 description: Acadamic Staff
@@ -329 +380 @@
 objectClass: top
 
-# students, group, inst.ac.lk
-dn: cn=std,ou=group,dc=inst,dc=ac,dc=lk
+# students, group, 'your domain'.ws.ac.lk
+dn: cn=std,ou=group,dc='your domain'dc=ws,dc=ac,dc=lk
 cn: bod
 description: Students
@@ -337 +388 @@
 objectClass: top
 
-# servers, inst.ac.lk
-dn: ou=servers,dc=inst,dc=ac,dc=lk
+# servers, 'your domain'.ws.ac.lk
+dn: ou=servers,dc='your domain'dc=ws,dc=ac,dc=lk
 description: inst servers that are LDAP clients
 objectClass: top
@@ -344 +395 @@
 ou: servers
 
-# idp, servers, inst.ac.lk
-dn: cn=idp,ou=servers,dc=inst,dc=ac,dc=lk
+# idp, servers, 'your domain'.ws.ac.lk
+dn: cn=idp,ou=servers,dc='your domain'dc=ws,dc=ac,dc=lk
 cn: idp
 description: Identity Server
@@ -355 +406 @@
 userPassword: {crypt}idpldap
 
-# irs, servers, inst.ac.lk
-dn: cn=irs,ou=servers,dc=inst,dc=ac,dc=lk
+# irs, servers, 'your domain'.ws.ac.lk
+dn: cn=irs,ou=servers,dc='your domain'dc=ws,dc=ac,dc=lk
 cn: irs
 description: IRS Server
@@ -366 +417 @@
 userPassword: {crypt}irsldap
 
-# people, inst.ac.lk
-dn: ou=people,dc=inst,dc=ac,dc=lk
+# people, 'your domain'.ws.ac.lk
+dn: ou=people,dc='your domain'dc=ws,dc=ac,dc=lk
 description: inst users
 objectClass: top
@@ -373 +424 @@
 ou: people
 
-# testme, people, inst.ac.lk
-dn: uid=testme,ou=people,dc=inst,dc=ac,dc=lk
+# testme, people, 'your domain'.ws.ac.lk
+dn: uid=testme,ou=people,dc='your domain'dc=ws,dc=ac,dc=lk
 cn: Test Me
 departmentNumber: LEARN
@@ -416 +467 @@
 
 {{{
-ldapadd -H ldap:// -x -D "cn=admin,dc=inst,dc=ac,dc=lk" -W -Z -f initial.ldif
+ldapadd -H ldap:// -x -D "cn=admin,dc='your domain'dc=ws,dc=ac,dc=lk" -W -Z -f initial.ldif
 }}}
 
@@ -422 +473 @@
 
 {{{
-ldapsearch -H ldap:// -x -D "cn=admin,dc=inst,dc=ac,dc=lk" -W -Z -b "dc=inst,dc=ac,dc=lk"
+ldapsearch -H ldap:// -x -D "cn=admin,dc='your domain'dc=ws,dc=ac,dc=lk" -W -Z -b "dc='your domain'dc=ws,dc=ac,dc=lk"
 }}}
 Note that Clear-Text userPassword enconded in '''base64'''
@@ -429 +480 @@
 
 {{{
-ldapdelete -H ldap:// "uid=user,ou=people,dc=inst,dc=ac,dc=lk" -D "cn=admin,dc=inst,dc=ac,dc=lk" -Z -W
+ldapdelete -H ldap:// "uid=user,ou=people,dc='your domain'dc=ws,dc=ac,dc=lk" -D "cn=admin,dc='your domain'dc=ws,dc=ac,dc=lk" -Z -W
 }}}
 
@@ -443 +494 @@
 changetype: modify
 replace: olcAccess
-olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.children="ou=servers,dc=inst,dc=ac,dc=lk" read by * none
+olcAccess: {0}to attrs=userPassword by self write by anonymous auth by dn.children="ou=servers,dc='your domain'dc=ws,dc=ac,dc=lk" read by * none
 olcAccess: {1}to attrs=shadowLastChange by self write by * read
 olcAccess: {2}to * by * read
@@ -470 +521 @@
 {{{
 $servers->setValue('server','host','localhost');
-$servers->setValue('server','base',array('dc=inst,dc=ac,dc=lk'));
-$servers->setValue('login','bind_id','cn=admin,dc=inst,dc=ac,dc=lk');
+$servers->setValue('server','base',array('dc='your domain'dc=ws,dc=ac,dc=lk'));
+$servers->setValue('login','bind_id','cn=admin,dc='your domain'dc=ws,dc=ac,dc=lk');
 $config->custom->appearance['hide_template_warning'] = true;
 $servers->setValue('server','tls',true);
@@ -520 +571 @@
 {{{
 <VirtualHost *:80/>
-ServerAdmin webmaster@inst.ac.lk
+ServerAdmin webmaster@'your domain'.ws.ac.lk
 DocumentRoot /var/www/html
-ServerName idp.inst.ac.lk
-Redirect permanent /phpldapadmin https://idp.inst.ac.lk/phpldapadmin
+ServerName idp.'your domain'.ws.ac.lk
+Redirect permanent /phpldapadmin https://'your domain'.ws.ac.lk/phpldapadmin
 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined
@@ -550 +601 @@
 
 {{{
-ServerAdmin webmaster@inst.ac.lk
-ServerName idp.inst.ac.lk
+ServerAdmin webmaster@'your domain'.ws.ac.lk
+ServerName idp.'your domain'.ws.ac.lk
 }}}
 Next, we need to set the SSL certificate directives to point to the key and certificate that we created. The directives should already exist in your file, so just modify the files they point to:
@@ -580 +631 @@
 We can now move on to the actual interface.
 
-''https://idp.inst.ac.lk/phpldapadmin/''
+''https://idp.'your domain'.'ws.ac.lk/phpldapadmin/''
 
 Enter your apache password first and then ldap admin password